Security News

A study of more than 1,000 IT security professionals by Dimensional Research found that of the 94% that give third-party users access to their network, a whopping 61% are unsure if those users are attempting to access unauthorised data.

This week’s question: What does automation mean for IT security teams?  What automation primarily means is that teams now have the chance to scale their tasks to meet the needs of the business. Nowadays, given that vulnerabilities are discovered on a daily basis, organisations need tools that can keep track of these weaknesses as these are made public and patches become available.   The great strategic advantage of using an automation tool for vulnerability management is the frequency at which it allows IT...

Companies need to beware of both external cyberattacks and insider threats. Like a classic horror film, both threats come with their own elements of mystery, suspense and fear. Fortunately, it is possible to defend each type of attack vector using a similar cybersecurity strategy for each. More on that later. First, let’s set the scene of the current security landscape.

With Halloween fast approaching, it’s a great time to discuss some of our favourite things in life: the creation of chocolate peanut butter cups and what these can teach us about phishing. Hard to imagine a time when before the “age of the cup” because there are many that never got to know the delicious glory that accompanies the unification of chocolate and peanut butter. Prior to that time, people walked around in total ignorance...

By Stuart Sharp, VP of solution engineering at OneLogin According to predictions from the Office of National Statistics, 50% of the UK workforce is expected to be working remotely by 2020. Many organisations have been preparing for this eventuality for many years, as can be seen from the increased uptake of ‘working from home policies’. This is no surprise considering the advancements in technology and the growing expectation of flexible working hours from the modern...

By Tarik Saleh, Senior Security Engineer at DomainTools Advanced Persistent Threats are long term patterns of network exploitation that go undetected for extended periods of time and are usually aimed at high profile targets such as governments, higher education institutions, political activists, and companies. They are often motivated by economic, political, and financial reasons, and the attacks tend to be highly targeted, resourceful, and risk tolerant.   The typical APT involves several phases:   Infiltration/Initial compromise:  This...

BlackBerry Limited (NYSE: BB; TSX: BB) today announced the creation of BlackBerry Advanced Technology Development Labs (BlackBerry Labs), a new business unit operating at the forefront of research and development in the cybersecurity space. Led by CTO Charles Eagan, BlackBerry Labs will include a team of over 120 software developers, architects, researchers, product leads and security experts, each working toward the common goal of identifying, exploring and creating new technologies to ensure BlackBerry is on the cutting edge of security innovation. The rise of the...

Food delivery company, DoorDash, has confirmed it was hit by a data breach which exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it's unclear why it has taken DoorDash so long to reveal the details. According to a spokesperson for DoorDash, the breach took place via a third party provider - who was not named - and affected users who...

With nearly two-thirds (65%) of IT professionals don’t check employee credentials against common password lists, OneLogin, has developed the industry-first solution, Shield, designed to combat the top source of data breaches and emerging threat vectors: password reuse. Shield, the Google Chrome browser extension further grows OneLogin’s existing threat capabilities by protecting enterprises against password reuse, identity reuse, weak password practices and phishing. “Time and again, end-user behaviour—specifically password reuse—emerges as the primary source of data...

OneLogin has announced Vigilance AI, the new artificial intelligence and machine learning (AI/ML) risk engine, and SmartFactor Authentication. The new next-generation identity capabilities empower enterprises to combat emerging cybersecurity threats and move beyond password-based authentication. "There's been a massive uptick in cyberattacks targeting credentials, including brute force and breach replay attacks. Cybercriminals use credentials obtained from one breach, often from a personal application, and apply them to corporate accounts," said Venkat Sathyamurthy, Chief Product Officer...